fix(Oracle): passwordless authentication issues with Oracle wallet#3370
fix(Oracle): passwordless authentication issues with Oracle wallet#3370KiranMohan wants to merge 7 commits into
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for passwordless Oracle database connections (using Oracle Wallet/SEPS) and TNS configurations by making the database username and password optional under certain conditions, updating the connection string generation, and passing TNS_ADMIN as configDir for the OCI driver. The reviewer pointed out that passwordless authentication is only supported by the OCI-based driver (godror) and not the pure Go driver (go-ora). Consequently, the reviewer recommended restricting the validation logic to only allow passwordless connections when useOCI is enabled with tnsAdmin, and suggested corresponding updates to the tests and documentation.
…N issue This commit: - Relaxes validation to make 'user' and 'password' optional when a wallet (tnsAdmin or walletLocation) is configured. - Resolves the lazy initialization TNS_ADMIN lookup bug by passing configDir to the godror connection string rather than mutating the global environment variables. - Updates unit tests to verify passwordless configurations and updates documentation accordingly.
This commit: - Maps 'tnsAlias' and 'tnsAdmin' to 'ORACLE_TNS_ALIAS' and 'ORACLE_TNS_ADMIN' environment variables in the prebuilt configuration. - Adds fallback colons to ORACLE_CONNECTION_STRING, ORACLE_USERNAME, and ORACLE_PASSWORD variables. - Documents the new variables and adds configuration examples for both standard and passwordless wallet usage.
KiranMohan
force-pushed
the
oracle_wallet_auth_issue
branch
from
a01e141 to
f39f3d5
Compare
…let authentication
KiranMohan
changed the title
|
@duwenxin99 |
Yuan325
added
priority: p1
|
/gcbrun |
3 participants
Description
This PR fixes issues in OracleDB integration - support for passwordless Oracle Wallet / SEPS (Secure External Password Store) connections, resolves a critical
TNS_ADMINenvironment variable lifecycle issue, and fixes a positional parameter mismatch bug in the prebuiltlist_tablesquery.Summary of Changes
fix(sources/oracle)):TNS_ADMINwas temporarily set in the environment and immediately reverted via adeferblock wheninitOracleConnectionreturned. Because Go'sdatabase/sqlopens connections lazily, physical connection attempts (e.g.PingContextor queries) executed after the environment variable was unset/reverted, causing connection failure (ORA-12154).useOCIis enabled, thetnsAdminpath is now passed directly to thegodrordriver in the connection string via theconfigDirparameter.userandpasswordfields optional when a wallet configuration (tnsAdminorwalletLocation) is provided.fix(oracle)):list_tablesquery referenced the positional parameter:1twice, causing the driver to expect 2 arguments. When executing the tool, it failed withsql: expected 2 arguments, got 1.:1only once using theNVL(:1, t.table_name)pattern.feat(prebuilt/oracledb)):tnsAlias,tnsAdmin,walletLocation,user,password,useOCI) to environment variables in [oracledb.yaml] for Passwordless Wallet Support (file: internal/prebuiltconfigs/tools/oracledb.yaml).PR Checklist
CONTRIBUTING.md
bug/issue
before writing your code! That way we can discuss the change, evaluate
designs, and agree on the general idea
!if this involve a breaking change🛠️ Fixes # 3389